Stock Spammers - Now using ZIP files
Posted Tuesday, July 31, 2007 8:24 PM by hwaldron
Stock Spammers are massively spamming PDF, XLS, GIF, and now ZIP based
attachments to distribute stock spam. The senders are trying to circumvent
filtering controls. I've received a number of these, and an analysis of one
sample sent to Virus Total is attached below. It's not malicious, but any
untrusted attachment should not be opened.
FORMAT OF ZIP STOCK SPAM: As an example, the subject line
might appear as "OFFER" or "DOC". There is no text in the message body (blank
message). There is only a single attachment (usually named like the subject
line, e.g., "OFFER.ZIP", "DOC.ZIP").
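
The format described above can be turned into a mail-filter heuristic. The following is an added example, not code from the original post: the function names, sample addresses and test messages are constructed for illustration, and RAR is included only because the quoted ISC diary mentions it.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePath

# ZIP per the post's format description; RAR per the quoted ISC diary.
ARCHIVE_EXTS = {".zip", ".rar"}

def matches_zip_stock_spam(raw: bytes) -> bool:
    """True for: blank body, exactly one attachment, archive extension,
    and an attachment name equal to the subject line."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    attachments = list(msg.iter_attachments())
    if not subject or len(attachments) != 1:
        return False
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and body.get_content().strip():
        return False  # any body text breaks the described pattern
    name = PurePath(attachments[0].get_filename() or "")
    return name.suffix.lower() in ARCHIVE_EXTS and name.stem.lower() == subject

def build_sample(subject: str, body: str, filename: str) -> bytes:
    """Constructed message for the demo; addresses and payload are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    # Placeholder payload: a 22-byte empty ZIP (end-of-central-directory only).
    m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                     subtype="zip", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    samples = [
        ("OFFER", "", "OFFER.ZIP"),                    # matches the pattern
        ("DOC", "", "doc.zip"),                        # case-insensitive match
        ("OFFER", "Report attached.", "OFFER.ZIP"),    # has body text
        ("Meeting notes", "", "notes.zip"),            # name differs from subject
    ]
    for subject, body, filename in samples:
        verdict = matches_zip_stock_spam(build_sample(subject, body, filename))
        print(f"{subject!r:18} {filename!r:12} -> {verdict}")
```

A match is a reason to quarantine or score the message, not proof of spam: legitimate senders also mail archives with an empty body.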
Stock Spammers - Now using ZIP files
http://isc.sans.org/diary.html?storyid=3206
QUOTE: We have received numerous emails today regarding yet
another round of spam hitting the cyberwaves. This spam is nothing more than a
new twist on the pump and dump stock market emails. It appears that these
emails include a zip or RAR file for an attachment. Once opened, these contain
nothing more than the get rich quick stock market info. There appears to be
nothing malicious other than an attempt to sway the market.
VIRUS TOTAL RESULTS BELOW:
Complete scanning result of "doc.zip", processed in VirusTotal at 07/31/2007 19:59:03 (CET).
[ file data ]
* name: doc.zip
* size: 6833
* md5.: d45288a2ea0dcebf97d5b51d918bcb70
* sha1: f13217295155a214facce79bae4b503e11b45b23
[ scan result ]
AhnLab-V3 2007.7.31.1/20070731 found nothing
AntiVir 7.4.0.54/20070731 found nothing
Authentium 4.93.8/20070731 found nothing
Avast 4.7.1029.0/20070731 found nothing
AVG 7.5.0.476/20070730 found nothing
BitDefender 7.2/20070731 found nothing
CAT-QuickHeal 9.00/20070731 found nothing
ClamAV 0.91/20070731 found nothing
DrWeb 4.33/20070731 found nothing
eSafe 7.0.15.0/20070731 found nothing
eTrust-Vet 31.1.5019/20070731 found nothing
Ewido 4.0/20070731 found nothing
F-Prot 4.3.2.48/20070730 found nothing
F-Secure 6.70.13030.0/20070731 found nothing
FileAdvisor 1/20070731 found nothing
Fortinet 2.91.0.0/20070731 found nothing
Ikarus T3.1.1.8/20070731 found nothing
Kaspersky 4.0.2.24/20070731 found nothing
McAfee 5087/20070731 found nothing
Microsoft 1.2704/20070731 found nothing
NOD32v2 2430/20070731 found nothing
Norman 5.80.02/20070731 found nothing
Panda 9.0.0.4/20070731 found nothing
Prevx1 V2/20070731 found nothing
Rising 19.34.12.00/20070731 found nothing
Sophos 4.19.0/20070726 found nothing
Sunbelt 2.2.907.0/20070731 found nothing
Symantec 10/20070731 found nothing
TheHacker 6.1.7.159/20070731 found nothing
VBA32 3.12.2.2/20070730 found nothing
VirusBuster 4.3.26:9/20070731 found nothing
Webwasher-Gateway 6.0.1/20070731 found nothing